chore: merge PR #987 with conflict resolution

Author: fabiovincenzi

.github/workflows/ci.yml

@@ -50,6 +50,9 @@ jobs:
       - name: Check Types (Server)
         run: npm run check-types:server
 
+      - name: Build TypeScript
+        run: npm run build-ts
+
       - name: Test
         id: test
         run: |

.github/workflows/codeql.yml

@@ -60,7 +60,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3
+        uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -73,7 +73,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3
+        uses: github/codeql-action/autobuild@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -86,6 +86,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3
+        uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
       - name: Dependency Review
-        uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4
+        uses: actions/dependency-review-action@45529485b5eb76184ced07362d2331fd9d26f03f # v4
         with:
           comment-summary-in-pr: always
           fail-on-severity: high

.github/workflows/sample-publish.yml

@@ -9,22 +9,32 @@ permissions:
   contents: read
 
 jobs:
-  build:
+  build-and-publish:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
         with:
           egress-policy: audit
-
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           node-version: '22.x'
           registry-url: 'https://registry.npmjs.org'
-      - name: publish sample package
-        run: npm install --include peer && npm publish --access=public
+
+      - name: Install dependencies
+        working-directory: plugins/git-proxy-plugin-samples
+        run: npm ci
+
+      - name: Build TypeScript
+        working-directory: plugins/git-proxy-plugin-samples
+        run: npm run build
+
+      - name: Install peers and publish
         working-directory: plugins/git-proxy-plugin-samples
+        run: |
+          npm install --include=peer
+          npm publish --provenance --access=public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/scorecard.yml

@@ -42,7 +42,7 @@ jobs:
           persist-credentials: false
 
       - name: 'Run analysis'
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
         with:
           sarif_file: results.sarif

.gitignore

@@ -274,3 +274,9 @@ website/.docusaurus
 
 # Test SSH keys (generated during tests)
 test/keys/
+
+# VS COde IDE
+.vscode/settings.json
+
+# Generated from testing
+/test/fixtures/test-package/package-lock.json

.npmignore

@@ -1,5 +1,12 @@
 # This file required to override .gitignore when publishing to npm
+src/
+tests/
+*.test.ts
+
+tsconfig.json
+jest.config.js
+.eslintrc.js
+.prettierrc
+
 website/
 plugins/
-experimental/
-cypress/

SSH.md

@@ -1,4 +1,4 @@
-### SSH Git Proxy Data Flow
+### GitProxy SSH Data Flow
 
 1.  **Client Connection:**
     - An SSH client (e.g., `git` command line) connects to the proxy server's listening port.

config.schema.json

@@ -7,7 +7,7 @@
   "properties": {
     "proxyUrl": {
       "type": "string",
-      "description": "Deprecated: Used in early versions of git proxy to configure the remote host that traffic is proxied to. In later versions, the repository URL is used to determine the domain proxied, allowing multiple hosts to be proxied by one instance.",
+      "description": "Deprecated: Used in early versions of GitProxy to configure the remote host that traffic is proxied to. In later versions, the repository URL is used to determine the domain proxied, allowing multiple hosts to be proxied by one instance.",
       "deprecated": true
     },
     "cookieSecret": { "type": "string" },
@@ -30,19 +30,6 @@
           },
           "additionalProperties": false
         },
-        "github": {
-          "type": "object",
-          "description": "Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer referenced in the codebase.",
-          "properties": {
-            "baseUrl": {
-              "type": "string",
-              "format": "uri",
-              "examples": ["https://api.github.com"],
-              "deprecated": true
-            }
-          },
-          "additionalProperties": false
-        },
         "gitleaks": {
           "type": "object",
           "description": "Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin",
@@ -57,16 +44,188 @@
       "additionalProperties": false
     },
     "commitConfig": {
-      "description": "Enforce rules and patterns on commits including e-mail and message",
-      "type": "object"
+      "title": "CommitConfig",
+      "description": "Block commits based on rules defined over author/committer e-mail addresses, commit message content and diff content",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "author": {
+          "title": "Author",
+          "description": "Rules applied to commit authors",
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "email": {
+              "title": "Email",
+              "description": "Rules applied to author email addresses",
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "local": {
+                  "title": "Local",
+                  "description": "Rules applied to the local portion of the email address (i.e. section before the @ symbol)",
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "block": {
+                      "title": "Block",
+                      "description": "Block commits with author email addresses where the first part matches this regular expression",
+                      "type": "string"
+                    }
+                  },
+                  "required": []
+                },
+                "domain": {
+                  "title": "Domain",
+                  "description": "Rules applied to the domain portion of the email address (i.e. section after the @ symbol)",
+                  "type": "object",
+                  "additionalProperties": false,
+                  "properties": {
+                    "allow": {
+                      "title": "Allow",
+                      "description": "Allow only commits where the domain part of the email address matches this regular expression",
+                      "type": "string"
+                    }
+                  },
+                  "required": []
+                }
+              },
+              "required": []
+            }
+          },
+          "required": []
+        },
+        "message": {
+          "title": "Message",
+          "description": "Rules applied to commit messages",
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "block": {
+              "title": "MessageBlock",
+              "description": "Block commits where the commit message matches any of the given patterns",
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "literals": {
+                  "title": "MessageBlockLiteral",
+                  "description": "Block commits where the commit message contains any of the given string literals",
+                  "type": "array",
+                  "items": { "type": "string" }
+                },
+                "patterns": {
+                  "title": "MessageBlockLiteral",
+                  "description": "Block commits where the commit message matches any of the given regular expressions",
+                  "type": "array",
+                  "items": { "type": "string" }
+                }
+              },
+              "required": []
+            }
+          },
+          "required": []
+        },
+        "diff": {
+          "title": "Diff",
+          "description": "Rules applied to commit diff content",
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "block": {
+              "title": "DiffBlock",
+              "description": "Block commits where the commit diff matches any of the given patterns",
+              "type": "object",
+              "additionalProperties": false,
+              "properties": {
+                "literals": {
+                  "title": "DiffBlockLiteral",
+                  "description": "Block commits where the commit diff content contains any of the given string literals",
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "patterns": {
+                  "title": "MessageBlockPatterns",
+                  "description": "Block commits where the commit diff content matches any of the given regular expressions",
+                  "type": "array",
+                  "items": {}
+                },
+                "providers": {
+                  "title": "MessageBlockProviders",
+                  "description": "Block commits where the commit diff content matches any of the given regular expressions, except where the repository path (project/organisation) matches one of the listed privateOrganisations. The keys in this array are listed as the block type in logs.",
+                  "type": "object",
+                  "additionalProperties": { "type": "string" }
+                }
+              },
+              "required": []
+            }
+          },
+          "required": []
+        }
+      },
+      "required": []
     },
     "attestationConfig": {
-      "description": "Customisable questions to add to attestation form",
-      "type": "object"
+      "title": "AttestationConfig",
+      "description": "Configuration for the attestation form displayed to reviewers. Reviewers will need to check the box next to each question in order to complete the review attestation.",
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "questions": {
+          "title": "AttestationQuestions",
+          "description": "Customisable attestation questions to add to attestation form.",
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+              "label": {
+                "title": "QuestionLabel",
+                "description": "The text of the question that will be displayed to the reviewer",
+                "type": "string"
+              },
+              "tooltip": {
+                "title": "QuestionTooltip",
+                "description": "A tooltip and optional set of links that will be displayed on mouseover of the question and used to provide additional guidance to the reviewer.",
+                "type": "object",
+                "additionalProperties": false,
+                "properties": {
+                  "text": {
+                    "type": "string"
+                  },
+                  "links": {
+                    "type": "array",
+                    "items": { "type": "string", "format": "url" }
+                  }
+                },
+                "required": ["text"]
+              }
+            },
+            "required": ["label", "tooltip"],
+            "title": "Question"
+          }
+        }
+      },
+      "required": []
     },
     "domains": {
-      "description": "Provide domains to use alternative to the defaults",
-      "type": "object"
+      "description": "Provide custom URLs for the GitProxy interfaces in case it cannot determine its own URL",
+      "type": "object",
+      "properties": {
+        "proxy": {
+          "title": "ProxyUrl",
+          "description": "Override for the default proxy URL, should include the protocol",
+          "type": "string",
+          "format": "url"
+        },
+        "service": {
+          "title": "Service UI URL",
+          "description": "Override for the service UI URL, should include the protocol",
+          "type": "string",
+          "format": "url"
+        }
+      }
     },
     "rateLimit": {
       "description": "API Rate limiting configuration.",
@@ -93,7 +252,7 @@
       "additionalProperties": false
     },
     "privateOrganizations": {
-      "description": "Pattern searches for listed private organizations are disabled",
+      "description": "Provider searches for listed private organizations are disabled, see commitConfig.diff.block.providers",
       "type": "array"
     },
     "urlShortener": {
@@ -122,6 +281,16 @@
         "$ref": "#/definitions/authorisedRepo"
       }
     },
+    "limits": {
+      "description": "Configuration for various limits",
+      "type": "object",
+      "properties": {
+        "maxPackSizeBytes": {
+          "type": "number",
+          "description": "Maximum size of a pack file in bytes (default 1GB)"
+        }
+      }
+    },
     "sink": {
       "description": "List of database sources. The first source in the configuration with enabled=true will be used.",
       "type": "array",
@@ -279,7 +448,7 @@
             },
             "userGroup": {
               "type": "string",
-              "description": "Group that indicates that a user should be able to login to the Git Proxy UI and can work as a reviewer"
+              "description": "Group that indicates that a user should be able to login to the GitProxy UI and can work as a reviewer"
             },
             "domain": { "type": "string", "description": "Active Directory domain" },
             "adConfig": {

cypress/e2e/login.cy.js

@@ -3,7 +3,7 @@ describe('Login page', () => {
     cy.visit('/login');
   });
 
-  it('should have git proxy logo', () => {
+  it('should have GitProxy logo', () => {
     cy.get('[data-test="git-proxy-logo"]').should('exist');
   });